strange behavior of grsecurity
Posted: Sun Nov 07, 2004 10:04 pmhello.
on my system, i use a 2.4.27-kernel with the grsecurity-2.0.1 patch (compiled with gcc 2.95.4).
i'm using one default rule for all users on the system.
recently i noticed that it was possible for a regular user to send signals to the sshd process, which is owned by root. this behavior seems only to apply on processes which have the p-flag (protected process) set. also only if the acl-system is activated via gradm -E regular users can kill such protected root-processes without any restriction, otherwise "operation not permitted" error occurs. +CAP_KILL has not been defined in the acl.
further i noticed that root can kill any protected process even if the acl-system is active.
i've been working with grsecurity in earlier kernels and never faced such a behavior.
maybe i configured it in a wrong way?
thank you for any hint.
on my system, i use a 2.4.27-kernel with the grsecurity-2.0.1 patch (compiled with gcc 2.95.4).
i'm using one default rule for all users on the system.
recently i noticed that it was possible for a regular user to send signals to the sshd process, which is owned by root. this behavior seems only to apply on processes which have the p-flag (protected process) set. also only if the acl-system is activated via gradm -E regular users can kill such protected root-processes without any restriction, otherwise "operation not permitted" error occurs. +CAP_KILL has not been defined in the acl.
further i noticed that root can kill any protected process even if the acl-system is active.
i've been working with grsecurity in earlier kernels and never faced such a behavior.
maybe i configured it in a wrong way?
thank you for any hint.